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REMARKS 

Reconsideration and further examination are respectfully requested. 
Double Patenting 

Claims 1-4, 12-15 and 23-26 were rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims of co-pending application 
10/661,903. Applicants acknowledge that a terminal disclaimer may be filed to overcome this 
rejection. However, because the claims of both applications are currently pending and subject to 
amendment, Applicants will delay determination as to whether a filing of the terminal disclaimer 
is a proper course of action until an allowable set of claims has been identified. 

Rejections under 35 U.S.C. $102 

Claims 1 , 2 and 4-15 were rejected under 35 U.S.C. § 1 02(e) as being anticipated by Liu 
(U.S. Patent 2002/0154635) which incorporates the reference of Caronni et al. (U.S. Patent 
6,970,941). 

Liu: 

Liu describes a method of enabling communications between a first private network and a 
second private network. As described in the Abstract of Liu: "...When communicating a packet 
from the first private network to the second private network, a computer receives a packet from a 
source node in the first private network. The computer then determines whether the packet is 
destined for the second private network. Thereafter, if the packet is destined for the second 
private network, the computer forwards the packet to a destination node in the second private 
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network. When communicating a packet from the second private network to the first private 
network, a computer receives a packet from a source node in the second private network..." 

Liu therefore describes a method and apparatus for communicating between private 
networks. 



Caronni: 

Caronni describes establishing a 'Supernet' which is a private network that uses 
components from a public-network infrastructure. At col. 4, lines 36-60 Caronni describes: 

"... A Supernet allows an organization to utilize a public-network infrastructure for its 
enterprise network so that the organization no longer has to maintain a private network 
infrastructure; instead, the organization may have the infrastructure maintained for them by one 
or more service providers or other organizations that specialize in such connectivity matters. As 
such, the burden of maintaining an enterprise network is greatly reduced. ... 

Supernets also provide heterogeneous addressing functionality. The Supernet uses a 
separate layer that isolates address names of nodes from addressing schemes and delivery 
schemes. The Supernet contains a modification to the IP packet format that can be used to 
separate network behavior from addressing. As a result of the modification, any delivery scheme 
may be assigned to any address, or group of addresses...." 



Caronni describes the address translation scheme in more detail at column 6, lines 6-25: 

"... the system provides address translation in a transparent manner. Since the 
Supernet is a private network constructed from the infrastructure of another network, the 
Supernet has its own internal addressing scheme, separate from the addressing scheme of 
the underlying public network. Thus, when a packet from a Supernet node is sent to 
another Supernet node, it travels through the public network. To do so, the Supernet 
performs address translation from the internal addressing scheme to the public addressing 
scheme and vice versa. By separating the addressing schemes, the Supernet creates a 
flexible delivery scheme that is easily changeable by network software or a system 
administrator. To reduce the complexity of Supernet nodes, system-level components of 
the Supernet perform this translation on behalf of the individual nodes so that it is 
transparent to the nodes. Another benefit of the Supernets' addressing is that it uses an IP- 
based internal addressing scheme so that preexisting programs require little modification 
to run within a Supernet..." 
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The Supernet of Caronni is thus merely a virtual network layered on top of the Internet IP 
network. For example, as described in the Abstract of Caronni 'The virtual network uses a 
separate layer to create a modification to the IP packet format that is used to separate network 
behavior from addressing..." 

Figure 4 of Caronni illustrates an embodiment of the Supernet, which includes multiple 
nodes 316, 318, 320 and 322 which communicate with each other via shared channels. As 
described at column 5, lines 7-11 of Caronni "... When communicating among themselves, the 
nodes 316, 381, 320 and 322 serve as end points for the communications..." 

At column 12, lines 10-20, Caronni recites: 

"... When encrypting the packet, the virtual source node address 642, the virtual 
destination node address 644, and the data may be encrypted (addressing section 660), but the 
source and destination real addresses 614, 616 (delivery scheme section 670) are not, so that the 
real addresses can be used by the public network infrastructure to send packets to the 
destination..." 

Applicant's Argument: 

It is well known that "A claim is anticipated only if each and every element as set forth in 
the claim is found, either expressly or inherently described, in a single prior art reference." 
Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. 
Cir. 1987)..." (M.P.E.P. 2131) Applicants respectfully submit that neither Liu nor Caronni, alone 
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or in combination teach or suggest every element of the independent claims of the present 
invention. 

As described above, Liu describes a system and method of interfacing two different 
private networks. Thus, Caronni describes encrypting the virtual source and destination 
addresses, and appending a Supernet header and Outer IP header to communications to 
implement a Supernet. 

In contrast, the claimed invention, as amended, now clearly recites a system such as that 
described on pages 19 and 20 of Applicant's specification, which is directed towards an 
embodiment of the invention wherein a packet transformation process is 'shared' with a portion 
being performed at a client edge device and a portion being performed at a provider edge device. 
As described at page 19, lines 10-12 of Applicant's specification, such an embodiment maybe 
desirable in a networked environment where the owner of the PE wishes to gain some revenue 
for providing some services to the client. 

In particular, as shown in Figures 9A -10B, a trusted ingress point, such as a client edge 
device, performs IPsec processing on a packet prior to forwarding it to the PE. As shown in 
Figure 10B, the PE selectively replaces the destination address provided by the client edge device 
with a VPN group ID, thereby reducing the amount of information that needs to be saved at 
provider edge devices in the backbone by associating individual destination addresses with a 
single group ID when it is determined that the source of the packet is an IPsec gateway address. 

The advantage of such a configuration reduces the number of point to point connections 
in the network, and thus reduces the amount of routing information that must be stored, while 
preserving data as it is transferred across the internet, as described at page 10 of Applicant's 
specification, which recites: 
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'With such an arrangement, the amount of data that needs to be stored at each of the 

trusted ingress and egress points is limited to the number of private groups in the VPN, rather 

than the number of connection paths. ..The present invention modifies the existing concepts of 

where the security boundaries need to be established in order to facilitate network scalability..." 
No such advantage is realized by Caronni or Liu, either alone or in combination. 
Applicant has amended the claims to more clearly recite the different functions that are 

performed by the provider and client devices. No such structures are shown or suggested by Liu 

or Caronni, alone or in combination. 

Claims 1.2 and 4-15 

For example, independent claim 1, as amended, now recites "..A method of securing 
packet data transferred between a first and second member of a private network coupled to client 
edge devices over a backbone comprising a plurality of provider devices including provider edge 
devices... comprising the steps of ...encapsulating a private address of a packet ...transforming, at 
a client edge device, the tunneled packet by first applying a group security association associated 
with the private network to the tunneled packet to provide a secure tunneled packet and then 
updating a field in the secure tunneled packet in accordance with the routing protocol of the 
backbone to provide a client transformed packet ... forwarding the client transformed packet to a 
provider edge device; and ... replacing, at the provider edge device, the a destination field of the 
packet with a group identifier associated with the private network for routing the packet across 
the backbone..." 

Claim 1 is therefore patentably distinct over the combination of references which fail to 
describe the claimed client edge and provider edge operations, and it is requested that the 
rejection of claim 1 be withdrawn. Dependent claims 6-8 add further patentable limitations to 
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claim 1 but are allowable for at least the same reasons as claim 1. Claim 15 includes limitations 
similar to those of claim 1 and is therefore allowable for at least the reason that the combination 
of references fail to describe or suggest the shared transform structure of claim 15. 

The remaining claims are also patentably distinct over Liu in view of Caronni for at least 
the reasons that they include limitations similar to those which distinguish claim 1 from the 
references. For example, independent claim 9 is patentably distinct over Caronni in view of Liu 
for at least the reason that the combination of references fails to disclose "...modifying at least 
one field of the packet to replace a destination address of the packet with a group identifier 
associated with the private network responsive to a determination that the gateway address of the 
packet indicates that the packet is a member of the private network..." as claimed. 

Independent claim 1 1 is patentably distinct over Caronni in view of Liu, which neither 
describes nor suggests the limitations of claim 1 1 which include "...a client edge device including 
a tunneling mechanism for encapsulating packets that are to be transferred to the backbone in a 
public address including a gateway address and a destination address to provide a secured packet; 
and transform logic operable to apply a security association to each packet transmitted by the 
client edge device to the backbone... a provider edge device coupled to the client edge device, the 
provider edge device comprising a virtual route forwarding table for storing group identifiers 
associated with destination addresses and means, responsive to the gateway address of the public 
address, for selectively updating the destination field of the packet with a group identifier for 
routing the packet across the backbone. Therefore it is requested that the rejection of claim 1 1 be 
withdrawn. 

Independent claim 13 is patentably distinct over Caronni in view of Liu, which neither 
describes nor suggests the limitations of claim 13 which includes "... means for updating a 
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destination field of the packet to replace a destination identifier with a group identifier prior to 
the routing of the packet if it is determined that the source address of the packet corresponds to a 
gateway address indicating that the packet is forwarded between members of the scalable private 
network..." Therefore it is requested that the rejection of claim 1 1 be withdrawn. Claim 14 
serves to further patentable limitations to claim 13 yet is allowable for at least the reason that it 
depends up on an allowable claim; it is therefore requested that the rejection of claim 14 be 
withdrawn. 

Rejections under 35 U.S.C. $103(a^ 
Claim 3: 

Claim 3 was rejected under 35 U.S.C. § 103(a) as being unpatentable over Liu in view of 
Alkhatib et al. (U.S. Patent 2003/0233454). Applicants note that claim 3 has been cancelled, but 
will address the teachings of Alkhatib. 

Alkhatib: 

Alkhatib describes, in the abstract: 

"...A system is disclosed for establishing a public identity for an entity on a private 
network. In one embodiment, a first entity can initiate a request to create a binding of a public 
address to a private address for itself The existence of this public address for the first entity can 
be made known so that other entities can use the public address to communicate with the first 
entity. The present invention allows entities outside of a private network to initiate 
communication with an entity inside a private network..." 

The Examiner states, at page 1 1 of the office action: 
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"...It would have been obvious to a person of ordinary skill in the art .... to combine the 
teaching of Alkhatib within the sytem of Liu because (a) Liu teaches a mechanism to extend 
private networks into a public infrastructure ... and (b) Alkhatib teaches providing a method to 
create a binding between public addresses when communicating over a private network..." 

Applicant's Argument 

It is well known that to "establish a prima facie case of obviousness, three basic criteria 
must be met. First, there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the art, to modify 
the reference or to combine reference teachings. Second, there must be a reasonable expectation 
of success. Finally, the prior art reference (or references when combined) must teach or suggest 
all the claim limitations. The teaching or suggestion to make the claimed combination and the 
reasonable expectation of success must both be found in the prior art, not in applicant's 
disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991)." (M.P.E.P. 2143). 

No motivation for the modification of references is shown or suggested by the Examiner 

The mere fact that references can be combined or modified does not render the resultant 
combination obvious unless the prior art also suggests the desirability of the combination. In re 
Mills, 916 F.2d 680, 16 USPQ2d 1430 (Fed. Cir. 1990) A statement that modifications of the 
prior art to meet the claimed invention would have been '" well within the ordinary skill of the art 
at the time the claimed invention was made'" because the references relied upon teach that all 
aspects of the claimed invention were individually known in the art is not sufficient to establish a 
prima facie case of obviousness without some objective reason to combine the teachings of the 
references. Ex parte Levengood, 28 USPQ2d 1300 (Bd. Pat. App. & Inter. 1993). 
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Although the Examiner has stated that the references teach the various limitations, the 

Examiner has provided no reason why one would be motivated to combine these teachings. For 

at least this reason the rejection under 35 U.S.C. §103 is improper and should be withdrawn. 

The Proposed Modification renders the prior art unsatisfactory for its intended purpose 

In combining Caronni/Liu with Alkhatib, the Examiner is ignoring the desire of Caronni 

to develop a Supernet, which is layered over the virtual addresses to separate network behavior 

from addressing. For at least the reason that the combination would frustrate the desired goals of 

Caronni, it is requested that the rejection be withdrawn. 

Combination neither describes nor suggests the limitations of the claims 

However, assuming that one would be motivated to combine the teachings of Alkhatib 
with Caronni/Liu, the combination would still neither describe or suggest the limitations of the 
claims. As discussed above, Caronni/Liu fails to describe the particular structure of the claims in 
which address transforms are performed partially by a client edge device and partially by a 
provider edge device. Alkhatib does nothing to overcome the inadequacies of the Caronni/Liu 
references. 
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Conclusion: 



Applicants have made a diligent effort to place the claims in condition for allowance. 
However, should there remain unresolved issues that require adverse action, it is respectfully 
requested that the Examiner telephone Applicants' Attorney at the number listed below so that 
such issues may be resolved as expeditiously as possible. 

For these reasons, and in view of the above amendments, this application is now 
considered to be in condition for allowance and such action is earnestly solicited. 
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